Just Get PMP

What is PMI-RMP® Certification? How did I prepare for PMI-RMP® Certification? You will find answers to these questions in this article.

PMI-RMP® Certification is the prestigious Risk Management Professional Certification from PMI (Project Management Institute). It demonstrates your ability to identify and analyze project risks, avoid/ transfer/ mitigate threats and capitalize on opportunities. PMI states that

83% of organizations that are high performers in project management practice risk management frequently while just 49 percent of low performers do so (Pulse of the Profession®: Capturing the Value of Project Management, February 2015)

How did I prepare for PMI-RMP Certification?

I became a Certified Risk Management Professional and earned my PMI-RMP® Credential about two years back. In this article, I would like to share the various mock exams I tried and the scores I obtained in those. I am just jotting down the journey towards obtaining PMI-RMP® Certification.

	Date of the Mock Test	Service Provider	Description	No. of questions	Score Obtained
1	24-06-2013	SimpliLearn	Free PMP test	175	78.9 %
2	15-07-2013	Ucertify	Free RMP Test	15	73 %
3	16-07-2013	Ucertify	Chapter Quiz	26	77 %
4	17-07-2013	The PM Instructors	Free PMI-RMP Questions	20	85 %
5	22-07-2013	Rita Mulcahy	Pretest	25	84 %
6	28-07-2013	Abdulla J. Alkuwaiti	Practice Questions	65	87.1 %
7	29-07-2013	PMXCEL.com	Sample Quiz	25	92 %
8	02-08-2013	Head First PMP	Risk Management Chapter Questions	20	95 %
9	03-08-2013	VTC	RMP Part 1	40	95 %
10	04-08-2013	VTC	RMP Part 2	50	88 %
11	05-08-2013	Scordo	Risk Management Questions	10	80 %
12	06-08-2013	Oliver Lehmann	PMP Test	75	80 %
13	06-08-2013	VTC	RMP Part 3	125	89 %
14	07-08-2013	VTC	PMI-SP Part 1	40	85 %
15	10-08-2013	Rita Mulcahy	Human Resource Chapter	34	76 %
16	10-08-2013	Rita Mulcahy	Quality Chapter	35	91 %
17	12-08-2013	Rita Mulcahy	Time Chapter	38	94.7 %
18	14-08-2013	Edwel	Free PMP Exam	200	79 %
19	12-08-2013	Rita Mulcahy	Cost Chapter	38	94.7 %
20	15-08-2013	Rita Mulcahy	Procurement Chapter	40	92.5 %

I believe that only practice can help you. I believe that most of the candidates who prepare for the risk management exam are already certified PMPs. So, they have the knowledge and basic understanding of how the risks are identified, assessed, risk responses planned, monitored and controlled. So, all they need is to practice more and more mock tests/ practice questions to get it right. Please go ahead and successfully obtain your PMI-RMP Credential!

Perform Qualitative Risk Analysis is the third project management process in the Project Risk Management knowledge area. It follows the process Identify Risks. In this process, the project team will prioritize identified risks by combining the probability of occurrence and likely impact.

In any project, either small or big, we would have identified several risks. All identified risks are not equal; the risk rating of each risk varies. They vary depending on the probability/ likelihood of occurrence and the impact of those risks on the project objectives. For example, some risks may have high probability of occurring, but may have only a small impact on the project if it happens. Similarly, another risk may have a huge impact on the project objectives, but have a remote chance of occurring in this project. How about a risk that has very high probability of occurring and a very high impact on the project cost if it occurs? Which of the above three risks would you put your effort on?

We need to have a way to prioritize the risks so that we can channel our efforts towards risks with high risk rating. Project performance can be improved by focusing on high-priority risks rather than spending scarce resources on low-priority risks. Perform qualitative risk analysis provides a rapid and cost-effective means of establishing priorities for “Plan Risk Responses” process and also lays foundation for “Perform Quantitative Risk Analysis”.

Please note that this process may lead to “Perform Quantitative Risk Analysis” or directly into “Plan Risk Responses”, depending on the project team’s necessities.

Risk register is created at the end of the Identify Risks process and this is the only output of the process. At this stage, the risk register is created only with initial entries. But, as other risk management processes happen we will see an increase in level and type of information and the risk register will get updated accordingly.

The Risk register at this stage contains:

• List of identified risks: Identified risks are described in as much detail as possible
• List of potential responses: The actual responses for identified risks will only be finalized during the “Plan Risk Responses” process. But, it is good to discuss potential responses while identifying the risks and the contributor to the risk identification would be in a good position to provide some input based on his/ her experience in other projects. This also will be useful as inputs to “Plan Risk Responses” process at a later stage.
• The main aim of the Risk Register at the end of “Identify Risks” process is to identify and record all the risks that can be foreseen. But, as we might have gone through some of the analysis like Cause and Effect Diagram or Root Cause Analysis or Influence Diagram or SWOT Analysis and so on, it would be good if we can include other information like “Root causes” in the risk register

A sample Risk Register is shown below with three identified risks in a construction project. Please take note that in a real project there may be many more risks that have to be identified.

Diagramming Techniques are used to identify risks in a project. Some of the diagramming techniques that are included in PMBOK/ PMP are Cause and effect diagram, System or process flow charts and influence diagrams.

Cause and effect diagram

This diagram is also known as Ishikawa diagram or Fish-bone diagram. It is referred to as the "Ishikawa diagram" because Dr. Kaoru Ishikawa, a Japanese quality control statistician, developed this diagram. The name "fishbone diagram" is derived from the fact that the entire diagram resembles a fish skeleton. The diagram illustrates the main causes and sub causes leading to an effect. It is used to identify potential root causes to problems.

System or process flow charts

System flow charts are very helpful to show how various elements of a system interrelate. They can be used to analyze an entire process by following the logical steps leading to an outcome or an objective. Flow charts are acclaimed for their ability to identify bottlenecks and superfluous processes.

Influence diagram

Influence diagrams are graphical representations of situations showing causal influences, time ordering of events and other relationships among variables and outcomes. Influence diagrams show how risks influence one another.

SWOT Analysis is one of the tools and techniques recommended in PMBOK/ PMP for the identification of risks in a project. It is a strategic planning tool used to evaluate the strengths, weaknesses, opportunities, and threats to a project. SWOT Analysis can assist you in recognizing opportunities that you are well placed to exploit. It also helps the project manager in understanding the weaknesses of the project so that they can be managed to eliminate threats which otherwise would not have been foreseen/ identified.


As you can see, SWOT Analysis is a framework to identify strengths and weaknesses in a project. This is typically done in interactive groups, like brainstorming sessions, where people can discuss, assess, and elaborate on the identified SWOT elements and analyzing them in depth. It is also a method for maximizing the positive risks (opportunities) and minimizing the negative risks (threats). The analysis and deliberation are designed in such a way to identify avenues to take advantage of strengths and exploit opportunities, as well as minimize the impacts of weaknesses and protect the project against threats.

Assumptions analysis is one of the tools and techniques of Identify Risks process. This analysis explores the validity of all the assumptions that are identified and documented during the project planning processes.


Assumptions analysis identifies risks to the project from inaccuracy, instability, inconsistency or incompleteness of assumptions. It is preferable to have the assumptions accurate, complete and consistent; but, in practice, it is not always possible. So, it is important for the project management team to review the justification or strength or support of the assumptions made. The risks are directly proportional to the consequences or the impacts to the project objectives if the assumption turns out to be wrong.

Checklist analysis is one of the tools and techniques of the Identify Risks process. Checklist Analysis can provide ideas for risks on a current project. Checklists can be developed based on historical information, knowledge from previous similar projects and from other sources of information. It is also possible to use the lowest level of Risk Breakdown Structure (RBS) as a checklist.

Checklist analysis is quick and simple; can be used by team members who have relatively less experience in similar projects. But, the project manager has to understand that it is impossible to build an exhaustive checklist. So, care should be taken to also explore risks that do not appear on the checklist, because even highly similar projects will have their own, unique and different risks.

Checklists should be reviewed during project closure to incorporate any new lessons learned and also to improve the checklists for future projects.

Documentation reviews are carried out for getting ideas on risks that may be existing/ foreseen in the project. Documentation reviews involve reviewing the project documentation, including plans, assumptions, project files, and other information in order to identify areas of inconsistency or lack of clarity. The documentation is comprehensively reviewed for completeness, accuracy and consistency. Missing, inaccurate or incomplete information and inconsistencies can be indicators of risks in the project.

The documents that could be reviewed include, but not limited to:

• Project charter
• Project scope statement
• Work Breakdown Structure (WBS)
• Project schedule
• Cost estimates
• Procurement plan
• Assumptions log

Information gathering includes various techniques like brainstorming, Delphi technique, interviews and root cause analysis. The ultimate aim of all these techniques is to identify and prepare a comprehensive list of risks in the project.

Brainstorming

It is one of the most widely used techniques to identify risks in a project. Project team usually performs brainstorming, often with subject matter experts, risk management experts and other important stakeholders who can contribute to the risk identification. It allows people to come up with risks. During brainstorming sessions there should be no criticism of ideas. The main focus is to open up possibilities of risk. Judgments and analysis at this stage inhibit idea generation. Ideas should only be evaluated at the end of the brainstorming session. Brainstorming sessions always have a facilitator to lead the team and help turn their ideas into a list of risks

Delphi technique

This technique is used to build consensus of experts who participate anonymously. A facilitator uses a questionnaire to solicit ideas about important project risks. The questionnaire is often designed with forced choices that require the experts to select between various options. The responses are summarized and re-circulated to the experts for further review until consensus on the final list of risks is reached. Delphi technique helps reduce bias in the data and keeps any one person from having undue influence on the outcome.

Interviewing

Interviewing is generally a face-to-face meeting that includes question and answer sessions. The interviews are conducted with project manager, project team, stakeholders, subject-matter experts, and individuals who may have participated in similar, past projects. Interviews help us to get first-hand information about others' experience and knowledge.

Root cause analysis

Root cause identification is a technique for identifying essential causes of risk. Reorganizing the identified risks by their root causes will help to identify more risks. This technique enables you to understand the risk more clearly so that responses can be planned to prevent recurrences.

Identify Risks is the second project management process in the Project Risk Management knowledge area. It follows the process Plan Risk Management .

In my opinion, Identify Risks is the most important process in the risk management knowledge area. All the processes that follow will be effective only if the risks are identified properly. So, a project manager or his/ her project team should devote their maximum effort to identify as many risks as possible at the initial stages of the project.

Generally, the participants in this process will include the project manager, project team members, risk management team, customers, end users, stakeholders, domain experts and risk management experts. It is a good practice to encourage all project personnel to identify risks. A good project manager will involve the entire project team in identifying the risks as it instills a sense of ownership and responsibility for the risks. This also will help in implementing associated risk response actions at a later stage.

Please take note that Identify risks is an iterative process throughout the entire life cycle of the project as new risks may appear or become known as the project progresses.


The following are the Inputs, Tools & Techniques and Outputs (ITTO) of the process "Identify Risks",

Inputs

1. Risk Management Plan
2. Activity cost estimates
3. Activity duration estimates
4. Scope baseline
5. Stakeholder register
6. Cost management plan
7. Schedule management plan
8. Quality management plan
9. Project documents
10. Enterprise environmental factors
11. Organizational process assets

Tools & Techniques

1. Documentation reviews
2. Information gathering techniques
3. Checklist analysis
4. Assumptions analysis
5. Diagramming techniques
6. SWOT analysis
7. Expert judgement

Outputs

1. Risk Register

Probability and Impact Matrix is a tool for the project team to aid in prioritizing risks. As you know, there may be several risks in any project. Depending on the size and complexity of the project in hand, the risks may vary somewhere from double digits to triple digits. But, do we have the time and money to look into all these risks, let alone the response action. The answer is NO; we do not have such luxury of time. So, it is necessary to find a way to identify those critical risks which needs the most attention from the project team.

Probability and Impact Matrix uses the combination of probability and impact scores of individual risks and ranks/ prioritizes them for easy handling of the risks. In other words, the probability and impact matrix helps to determine which risks need detailed risk response plans. It is vital to understand the priority for each risk as it allows the project team to appreciate the relative importance of each risk.

For example, a risk with a high probability/ likelihood of occurring and which will have a high impact on the project objectives will likely need a response plan.


The matrix generally used is a 3x3 matrix (with Low, Medium, High rating for Probability and Impact) or 5x5 matrix (with Very Low, Low, Medium, High and Very High ratings for probability and impact).  A sample Probability-Impact Matrix is given below for your reference.


How to use this matrix? If a particular risk has a moderate probability and the estimated impact of this risk is major, then you look into the respective row and column to identify the risk rating. For a moderate probability and major impact, the risk rating in the above matrix is "Medium". The colors are visual indications of the seriousness of the risks.

We will use this matrix in the risk assessment process to determine the risk rating for each risk.

The concept of Risk Probability and Impact is the fundamental building block on which Project Risk Management is raised. In this article, we will try to understand what is risk probability and what is risk impact.

Risk Probability

Risk Probability (sometimes known as likelihood) describes the potential for the risk event occurring. The probability of a risk occurring can range anywhere between 0% and 100% or it can be expressed as a number between 0 to 1. But, it can neither be 0% nor be 100%. Can you see why not?

If the risk probability value is 100%, then it is certain to occur; and as such, it defeats the definition of risk, an uncertain event or condition that may or may not occur. It cannot also be 0% for the same reason, as it means it is certain not to occur.

Risk Impact

Risk Impact describes the effects or consequences the project will experience if the risk event occurs. The impact may be in terms of money, time, organization's reputation, loss of business, injury to people, damage to property and so on.

Probability and impact scales can be defined in terms of relative or ordinal (High, Medium, Low), linear or cordinal (1, 2, 3, 4, 5) or non-linear (1, 2, 4, 8, 16).

It is an essential part of risk management to assign an owner for each risk. Why is it so? Why do we need a risk owner? Are we passing on the risk to a particular team member? No, not really. Identifying and assigning a risk owner is to make it clear who is responsible for what risk.


A risk owner is any individual, generally a project team member, who is responsible for the management, monitoring and control of an identified risk, including the implementation of the selected responses.

The risk owner should be capable of managing the risk and have the knowledge, resources, and authority to deal with the risk. Selecting the risk owner thus usually involves considering the source of risk and identifying the person who is best placed to understand and implement what needs to be done. Risk owners should be added to the risk register.


Risk owners would be required to assess their risk and report to the project manager on a regular basis the status of the risk. Depending on the project, there can be a separate risk register meeting (at defined intervals like fortnightly or monthly) or risks could be discussed as part of the weekly progress/ status meeting. The identified risk owners will provide the updates on the respective risks during these meetings. 

RISK BREAKDOWN STRUCTURE (RBS)

What do you mean by risk categories? Risk categories are a group of potential causes of risk in a project.

And what is the use of categorizing risks? Risk categories generally provide a structure to systematically identify risks in a consistent manner. It helps the project manager and project team and contributes to the effectiveness and quality of the “Identify Risks” process. It provides a logical way to organize the project risks to better manage them and to determine the root causes of risk. Categorizing the risks also would be much beneficial while planning response actions for the identified risks.

Risks can be categorized in various ways like External, Internal, Technical or Project Management related risks. Risks can also be categorized based on the origin of the risk like Schedule Risk, Cost Risk, Quality Risk, Scope Risk or Resource Risk.

Depending on the project and the organization, the risk categories can be as simple as a list of categories or it might be structured into a detailed Risk Breakdown Structure (RBS) .

The following are the Inputs, Tools & Techniques and Outputs (ITTO) of the process "Plan Risk Management", which is the first project management process in the Project Risk Management knowledge area.


INPUTS:

1. Project scope statement
2. Cost management plan
3. Schedule management plan
4. Communications management plan
5. Enterprise environmental factors: Risk attitudes and tolerances that describe the degree of risk that an organization will withstand.
6. Organizational process assets: Risk categories, common definitions of terms and concepts, standard templates, authority levels for decision-making, lessons learned, stakeholder registers.

TOOLS & TECHNIQUES

1. Planning Meetings and Analysis:
   Project team hold planning meetings to develop risk management plan. Attendees may include project manager, selected team members and stakeholders, anyone with the responsibility to manage risk planning and execution activities. High level plans for conducting the risk management activities are  defined in these meetings. Risk management responsibilities will be assigned. Probability and impact matrix will be tailored to the specific project. If templates do not exist, they may be generated in these meetings.

OUTPUTS

1. Risk Management Plan:
   The only output of this process is risk management plan, which becomes a subset of the project management plan.. The risk management plan describes how risk management will be structured and performed on the project. It tells you how you are going to handle risk in the project. It defines how risk will be assessed, who will be responsible for doing it and how often you will do risk planning. Risk Management Plan includes the Methodology, Roles and responsibilities, Budgeting, Timing, Risk categories, Definitions of risk probability and impact, Probability and impact matrix, Revised stakeholders’ tolerances and Reporting formats.

Project Risk Management includes the following six project management processes:

1. Plan Risk Management : This is the first step in project risk management. It includes defining how to conduct risk management activities for a project.


2. Identify Risks: I would consider this as the most important process in the entire risk management. This is where you identify and determine which risks may affect the project and document their characteristics. The risk identification process must be comprehensive, as risks that have not been identified cannot be assessed or responses planned.


3. Perform Qualitative Risk Analysis: In this process, we assess the likelihood/ probability of each risk occurring and the likely impact of the risk on project objectives. We follow this up with prioritizing the identified risks for further analysis or action by combining their probability of occurrence and impact/ severity.


4. Perform Quantitative Risk Analysis: This process may or may not be included in all projects. Here, we numerically analyze the effect of prioritized risks on overall project objectives.


5. Plan Risk Responses: Developing options and actions to enhance opportunities and to reduce threats to project objectives.


6. Monitor and Control Risks: Implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project.

Project Risk Management includes the project management processes of conducting risk management planning, identification, analysis, response planning, and monitoring and control on a project. The main objectives of project risk management are as follows:

• To increase the probability and impact of positive events/ opportunities
• To decrease the probability and impact of negative events/ threats

In other words, project risk management is a part of the project management, which deals with uncertain events in a project in a proactive manner. It helps a project manager to ensure that the project is completed on time, within the budget and to the project requirements.

Risk Threshold means the amount of risk that is acceptable to an organization. Most organizations can accept minimal overruns in schedule or cost, or minor changes to the scope. For example, a company may have a policy that a risk that increases the project's cost by not more than 10% is acceptable, but anything more than 10% is not acceptable.

The customer, sponsor and other stakeholders all may have different perceptions and different risk thresholds. It is the project manager's responsibility to bring consensus on the acceptable threshold. Then, it forms the target against which the project team will analyze risks.

In general, negative risks or threats may be accepted by an organization if they are within tolerances and are in balance with the rewards that may be gained by taking the risks. For example, adopting a fast track schedule is a risk taken by a project manager to achieve the reward created by an earlier completion date.

Organizations and stakeholders are willing to accept varying degrees of risk. Risk Tolerance means whether the risk can be tolerated or not. It is the willingness of the organization or a project team to accept or avoid a risk. For example, a company might have a policy that any risk that impacts their customer relationship will not be tolerated.

A project manager should understand his risk tolerance level as well as that of the project team and the organization as a whole.